Vulnerabilities (CVE)

Filtered by vendor Novell Subscribe
Total 671 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-0990 2 Mono, Novell 2 Mono, Moonlight 2025-04-11 5.8 MEDIUM N/A
Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.
CVE-2009-4653 2 Microsoft, Novell 2 Windows, Edirectory 2025-04-11 9.0 HIGH N/A
Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrary code via a long string to /dhost/modules?I:.
CVE-2009-4662 1 Novell 1 Groupwise 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 7.0 before 7.03 HP4 and 8.0 before 8.0 SP1 allows remote attackers to inject arbitrary web script or HTML via the User.Theme.index parameter.
CVE-2013-4589 3 Fedoraproject, Graphicsmagick, Novell 5 Fedora, Graphicsmagick, Suse Linux Enterprise Debuginfo and 2 more 2025-04-11 4.3 MEDIUM N/A
The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.
CVE-2011-3014 1 Novell 2 Data Synchronizer, Mobility Pack 2025-04-11 5.0 MEDIUM N/A
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation.
CVE-2010-2778 1 Novell 1 Groupwise 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a "Javascript XSS exploit."
CVE-2010-4323 1 Novell 1 Zenworks Configuration Manager 2025-04-11 7.5 HIGH N/A
Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Configuration Manager (ZCM) 10.3.1, 10.3.2, and 11.0, and earlier versions, allows remote attackers to execute arbitrary code via a long TFTP request.
CVE-2011-2658 1 Novell 1 Zenworks Configuration Management 2025-04-11 6.8 MEDIUM N/A
The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 provides access to the mscomct2.ocx file, which allows remote attackers to execute arbitrary code by leveraging unspecified mscomct2 flaws.
CVE-2012-2215 1 Novell 1 Zenworks Configuration Management 2025-04-11 5.0 MEDIUM N/A
Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request.
CVE-2011-0334 1 Novell 1 Groupwise 2025-04-11 10.0 HIGH N/A
Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file.
CVE-2011-0742 1 Novell 1 Zenworks Handheld Management 2025-04-11 10.0 HIGH N/A
Buffer overflow in ZfHIPCND.exe in Novell ZENworks Handheld Management 7.0 allows remote attackers to execute arbitrary code via a crafted IP Conduit packet to TCP port 2400.
CVE-2011-3175 1 Novell 1 Zenworks Configuration Management 2025-04-11 10.0 HIGH N/A
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.
CVE-2010-0666 1 Novell 1 Edirectory 2025-04-11 5.0 MEDIUM N/A
Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via unknown a crafted SOAP request, a different issue than CVE-2008-0926.
CVE-2011-2656 1 Novell 1 Zenworks Handheld Management 2025-04-11 9.3 HIGH N/A
Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld Management (ZHM) 7 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2655.
CVE-2011-2645 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2025-04-11 7.5 HIGH N/A
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename for a custom RPM.
CVE-2011-2646 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2025-04-11 7.5 HIGH N/A
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename in the list of testdrive modified files.
CVE-2011-4913 2 Linux, Novell 2 Linux Kernel, Suse Linux Enterprise Server 2025-04-11 7.8 HIGH N/A
The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket.
CVE-2013-3697 2 Microsoft, Novell 7 Windows 2003 Server, Windows 7, Windows 8 and 4 more 2025-04-11 7.2 HIGH N/A
Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call.
CVE-2011-2223 1 Novell 2 Data Synchronizer, Mobility Pack 2025-04-11 5.0 MEDIUM N/A
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2005-4887 1 Novell 2 Netware, Netware Ftp Server 2025-04-11 7.5 HIGH N/A
NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 allows attackers to have an unspecified impact via vectors related to passwords.